The federal government has released guidelines for Commonwealth entities to follow when sharing and using the personal data of citizens while the specifics of the proposed Data Sharing and Release Act are still being nutted out.
In a bid to simplify how data is shared and used within public services, the federal government has been developing new legislation to "realise the value of public sector data and modernise the Australian government data system".
The overall aim of the Bill, the government explained previously, will be to safeguard data releases and sharing in a consistent and appropriate way; enhance the integrity of the data system; build trust in use of public data; establish institutional arrangements; and promote better sharing of public sector data.
After releasing draft legislation in July, the final details of the Act still aren't ready, so the Sharing Data Safely guidelines delivered on Tuesday will act as an interim measure while the legislation is being prepared, a statement from Minister for Human Services and Digital Transformation Michael Keenan explained.
"The [government] is making sure that privacy, safety, and security are built into the core of everything we do, but that does not mean we have to lock up public data and throw away the key," Keenan added. "That is why we are taking this robust approach to ensure stringent privacy provisions are maintained as we seek to tap into the social and economic benefits that data can deliver."
The guidelines are coupled with five data sharing principles that will be used to educate agencies on how best to share and release government data in an appropriate manner.
Based on the United Kingdom's Five Safes Framework, Australia's new data sharing principles are: Project -- the purpose for sharing data; data -- the level of detail in the data; settings -- the environment in which the data will be used; people -- who is accessing the data; and outputs -- what results can be made public.
According to Keenan, the guidelines will help provide confidence that citizen privacy is "paramount" to the government.
"The new guidelines we have prepared will help to deliver that confidence by ensuring a more uniform and consistent approach to data sharing across the Australian Public Service," he said in a statement on Tuesday.
"The guidelines also recognise that privacy and data use are not mutually exclusive: In fact, we can strengthen privacy by better using and analysing the data we have."
In its Best Practice Guide to Applying Data Sharing Principles [PDF], the government gives a lot of responsibility to the data custodian -- that is, the Commonwealth entity that holds the data.
The data custodian is required to "assess the request and identify the primary source(s) of data that could be shared in order to satisfy the request". They will then be required to ensure that sharing the data does not constitute an illegal activity. An example of illegal activity would be sharing the data of a non-Australian citizen without first consulting the privacy provisions that individual is subjected to, such as the EU's GDPR.
See also: How Europe's GDPR will affect Australian organisations
Data sensitivity, the best practice guide says, must also be considered, and removed before sharing.
The guidelines -- and an accompanying brochure [PDF] -- were developed by the office of the National Data Commissioner, which was stood up last year with the goal of improving data protection and management.
The guidelines come at a time when the federal government has copped heat over "rushing" through legislation around the upcoming Consumer Data Right (CDR).
The CDR will allow individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, as well as the right to control who can have it and who can use it.
The inquiry under way on the Treasury Laws Amendment (Consumer Data Right) Bill 2019 by the Senate Economics Legislation Committee has seen a handful of submissions from interested parties, highlighting specific concerns over the adequacy of the privacy safeguards the CDR will contain, the rushed nature of the Bill, the distinct banking focus the Bill will have, and whether the outcome of the CDR will serve organisations more than it will consumers.
Treasury's head of structural reform Hamish McDonald said its passage is an important part of meeting the government's timeline and rejected the idea thata the legislation is being rushed through when it comes to its content.
Keenan did not say when the legislation will be ready.
Researchers label Australian data-sharing legislation a 'significant misalignment'
The proposed legislation has been called out for prioritising the perceived greater good instead of respecting minimal rights of the individual.
Australian government to bring all services online by 2025
The Coalition has labelled its own digital transformation strategy as a 'bold' plan that will make government accountable.
The Australian government and the loose definition of IT projects 'working well'
Straight-faced, a Department of Human Services representative told a Senate committee its data-matching 'robodebt' project went well, because it produced savings.
Why Australia is quickly developing a technology-based human rights problem (TechRepublic)
Human rights advocates have called on the Australian government to protect the rights of all in an era of change, saying tech should serve humanity, not exclude the most vulnerable members of society.